Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/v8IwCDtYNCTuGpxpKIyBWWgQpH8.roa
File:                     v8IwCDtYNCTuGpxpKIyBWWgQpH8.roa (raw, json)
Hash identifier:          zZMyLP8ljYbmWtxvqiri+t8K/bApVDIvmS40veLHe3A=
Subject key identifier:   BF:C2:30:08:3B:58:34:24:EE:1A:9C:69:28:8C:81:59:68:10:A4:7F
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019E17D294753D9B55209BADB9AAB7892386
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/v8IwCDtYNCTuGpxpKIyBWWgQpH8.roa
Signing time:             Mon 11 May 2026 16:15:36 +0000
ROA not before:           Mon 11 May 2026 16:15:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201064
IP address blocks:        185.98.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:17:d2:94:75:3d:9b:55:20:9b:ad:b9:aa:b7:89:23:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: May 11 16:15:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bfc230083b583424ee1a9c69288c81596810a47f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c8:e5:ab:52:55:e3:c5:f2:00:ca:f4:0e:00:
                    6e:ce:83:b0:f2:25:01:9f:89:48:ee:52:35:6b:5d:
                    80:16:04:99:7c:01:f7:24:c9:d5:f6:6a:3e:1c:95:
                    c2:69:92:25:e5:c8:29:11:b6:9f:ff:d9:f0:61:b6:
                    24:fb:9e:62:04:c0:45:18:71:ac:05:ed:47:e5:83:
                    5f:3e:55:f3:18:7d:92:42:5c:d4:34:6e:d0:9c:57:
                    b1:78:11:ce:74:5d:b6:fc:c8:e8:aa:c2:87:a3:57:
                    aa:c4:59:92:70:25:6e:cf:9e:ca:56:f3:fd:2b:ef:
                    39:a9:ac:a5:de:d6:c1:c2:73:28:e7:63:9e:ef:7e:
                    81:e3:b0:e0:12:d4:28:94:cb:ca:70:c6:4c:e8:7a:
                    5c:6c:49:9f:7b:f5:a5:6e:44:9f:93:b2:2a:3a:6f:
                    5a:5b:73:d0:b3:9e:08:8d:bf:47:cc:b8:b2:77:14:
                    59:7f:57:cb:bd:eb:5d:2b:54:3b:a1:1c:7f:1d:6b:
                    3a:42:77:38:2c:81:01:a9:5e:06:a6:82:50:c5:26:
                    dc:f1:38:2b:75:38:e7:54:44:91:e3:52:3f:1d:d9:
                    55:7e:8b:b9:e8:d1:9d:ef:67:30:4e:01:fc:2b:96:
                    d0:31:6c:6a:b9:37:1d:ac:e8:5b:01:bf:c5:f8:d9:
                    10:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:C2:30:08:3B:58:34:24:EE:1A:9C:69:28:8C:81:59:68:10:A4:7F
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/v8IwCDtYNCTuGpxpKIyBWWgQpH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:4a:06:26:45:1e:60:31:87:9c:97:46:cc:6e:15:ca:9c:c8:
         70:83:b8:b7:ac:7c:d1:7b:af:c5:5c:a9:43:50:f6:ba:aa:54:
         2f:cf:05:e2:eb:4d:34:26:59:2c:23:b1:2a:b3:68:5e:5a:3d:
         a0:f1:fa:37:c7:21:4c:17:a1:76:2c:0d:ef:c7:ec:73:a8:cc:
         5d:36:8e:3c:68:ca:0f:9d:93:ef:00:e1:18:c1:89:a9:ce:4a:
         e3:1a:86:19:2b:39:d3:93:63:f0:27:fc:a5:c9:5d:09:af:53:
         97:41:92:7a:10:6c:a7:31:79:23:3b:a9:bd:4e:11:1c:9d:e3:
         3b:07:69:07:37:2a:4e:2b:31:24:9f:c0:47:9d:fd:2a:e1:d2:
         b2:a5:7c:cc:0d:7a:e1:da:61:cc:cf:ec:6b:5a:02:35:95:6c:
         ec:97:c7:d4:ef:c1:39:66:4e:36:11:f0:ea:81:c1:3b:76:5b:
         c3:f1:76:80:fe:26:4f:52:79:48:88:fe:1c:5c:14:e8:96:4c:
         bc:41:60:e3:58:94:68:50:75:f6:89:9a:9f:36:90:87:92:a9:
         b5:a6:bf:08:04:92:e7:29:7d:c0:66:4a:25:ac:0d:0d:c1:80:
         0a:7c:9f:89:1f:06:6b:9f:9b:c8:5e:10:05:35:60:b3:54:41:
         b0:d3:f7:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4X0pR1PZtVIJutuaq3iSOGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwNTExMTYxNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmMyMzAwODNiNTgzNDI0ZWUxYTljNjkyODhjODE1OTY4MTBhNDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsjlq1JV48XyAMr0DgBuzoOw8iUB
n4lI7lI1a12AFgSZfAH3JMnV9mo+HJXCaZIl5cgpEbaf/9nwYbYk+55iBMBFGHGs
Be1H5YNfPlXzGH2SQlzUNG7QnFexeBHOdF22/MjoqsKHo1eqxFmScCVuz57KVvP9
K+85qayl3tbBwnMo52Oe736B47DgEtQolMvKcMZM6HpcbEmfe/WlbkSfk7IqOm9a
W3PQs54Ijb9HzLiydxRZf1fLvetdK1Q7oRx/HWs6Qnc4LIEBqV4GpoJQxSbc8Tgr
dTjnVESR41I/HdlVfou56NGd72cwTgH8K5bQMWxquTcdrOhbAb/F+NkQVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/CMAg7WDQk7hqcaSiMgVloEKR/MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvdjhJd0NEdFlOQ1R1R3B4cEtJeUJXV2dRcEg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWI8MA0G
CSqGSIb3DQEBCwUAA4IBAQBrSgYmRR5gMYecl0bMbhXKnMhwg7i3rHzRe6/FXKlD
UPa6qlQvzwXi6000JlksI7Eqs2heWj2g8fo3xyFMF6F2LA3vx+xzqMxdNo48aMoP
nZPvAOEYwYmpzkrjGoYZKznTk2PwJ/ylyV0Jr1OXQZJ6EGynMXkjO6m9ThEcneM7
B2kHNypOKzEkn8BHnf0q4dKypXzMDXrh2mHMz+xrWgI1lWzsl8fU78E5Zk42EfDq
gcE7dlvD8XaA/iZPUnlIiP4cXBTolky8QWDjWJRoUHX2iZqfNpCHkqm1pr8IBJLn
KX3AZkolrA0NwYAKfJ+JHwZrn5vIXhAFNWCzVEGw0/c8
-----END CERTIFICATE-----